To allow my customers to download my iOS apps signed with AdHoc or Entreprise certificates, I use this htaccess file:
<FilesMatch "\.(ipa|plist)$"> FileETag None <ifModule mod_headers.c> Header unset ETag Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Pragma "no-cache" Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT" </ifModule> </FilesMatch> AddType application/octet-stream .ipa <Files *.ipa> Header set Content-Disposition attachment </Files>
The « Caches » directives are not mandatory, but large customers are usually behind a reverse proxy and I want to avoid side effects, if possible.
So far, so good.